CompTIA Network + Exam Certification Training:

RFC 1918 IP Private Addresses, NAT, And PAT

By Chris Bryant, CCIE #12933

You'd think we have plenty of IP addresses to go around, but we also used to think that individuals would never need a larger storage device than a floppy disk!  The explosion of networks led to a shortage of IP addresses, so RFC 1918 Private Address ranges were developed.

These address ranges are reserved for devices on Local Area Networks (LANs).  They cannot be placed on devices that will be communicating over the Internet, such as a router interface or web server.  Since the private addresses in these ranges will never be in use on the Internet, they can be used over and over again by Local Area Networks, as shown in the following illustration.

[Illustration: RFC 1918 Private Addresses]

There's no problem with assigning hosts on different LANs the same IP addresses, IF...

  • They're in one of the three 1918 private address ranges
  • They have no need to communicate over the Internet

Here are the three private address ranges:

Class A:  10.0.0.0 - 10.255.255.255    (10.0.0.0 /8)

Class B:  172.16.0.0 - 172.31.255.255   (172.16.0.0 /12)

Class C:  192.168.0.0 - 192.168.255.255  (192.168.0.0 /16)

It's worth repeating that hosts with IP addresses from these ranges cannot directly communicate with any device on the Internet.
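To make the three ranges concrete, here is an added example (not part of the original article) that expresses them as CIDR prefixes with Python's standard `ipaddress` module, confirms each prefix covers exactly the dotted range listed above, and classifies a handful of constructed sample addresses. The 172.x boundary is the one people get wrong most often, so the sample includes both sides of it.

```python
import ipaddress

# The three RFC 1918 ranges, as CIDR prefixes (same as listed in the article).
RFC1918_NETWORKS = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)


def is_rfc1918(address: str) -> bool:
    """True if the dotted-quad address falls inside one of the three RFC 1918 ranges."""
    ip = ipaddress.ip_address(address)
    return ip.version == 4 and any(ip in net for net in RFC1918_NETWORKS)


def range_bounds(cidr: str) -> tuple:
    """Return (first, last) address covered by a CIDR prefix, as strings."""
    net = ipaddress.ip_network(cidr)
    return str(net[0]), str(net[-1])


def classify(addresses):
    """Label each address 'private' (RFC 1918) or 'public' (everything else)."""
    return {a: ("private" if is_rfc1918(a) else "public") for a in addresses}


if __name__ == "__main__":
    # Check that the CIDR prefixes match the dotted ranges in the article.
    for cidr in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"):
        print(cidr, "->", range_bounds(cidr))

    # Constructed sample addresses. 172.31.255.255 is the last private
    # address in the Class B range; 172.32.0.0 is already public.
    sample = ["10.1.1.2", "172.31.255.255", "172.32.0.0", "192.168.1.10",
              "180.1.1.2", "210.1.1.2"]
    for addr, label in classify(sample).items():
        print(f"{addr:16} {label}")

    # Caveat: ipaddress.is_private is broader than RFC 1918. It also returns
    # True for loopback, link-local and documentation ranges, so it is not a
    # substitute for the RFC 1918 test above when the distinction matters.
    print(ipaddress.ip_address("169.254.1.1").is_private, is_rfc1918("169.254.1.1"))
```

The closing caveat is the practical point: a filter or log-enrichment rule that uses a library's generic "is private" flag may tag link-local or documentation addresses as RFC 1918 space, which is not what a NAT or firewall policy usually means by "private".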

As with many networking issues, private address ranges solve one problem while another one becomes apparent.  The development of these private addresses does ensure that we don't run out of IP addresses, but it's not really practical in today's networks to have hosts that can't reach the Internet.  Web-based applications are becoming more and more popular, so our "average host" is going to need Internet access.  This Internet access can be granted to hosts using private addresses by using Network Address Translation (NAT).

A router configured to use NAT will translate a private address into a routable, public address, which allows the packets to be sent to an Internet-based host.  When that Internet-based host responds, the router will translate the routable address back to the original private address. 

Let's walk through an example to see how NAT works.  The host in the following illustration has a private address of 10.1.1.2, and it needs to communicate with a website that has an IP address of 210.1.1.2.  The router is configured to use NAT.

[Illustration: NAT Router]

The host sends a packet destined for the website.  The router receives this packet, sees the private source address, and checks its NAT configuration to see whether that address is eligible to be translated to a routable address.

[Illustration: NAT Outgoing Packet]

The router will now translate that source IP address from 10.1.1.2 to 180.1.1.2.  The router will also keep a NAT mapping table that records this translation.

[Illustration: NAT Address Translation Process]

The website will respond with packets with a destination IP address of 180.1.1.2.  When the NAT router receives these packets, it will look in its NAT mapping table and see that this address was originally 10.1.1.2.  The router will translate the destination address from 180.1.1.2 back to 10.1.1.2 and will send the packets to that address.

[Illustration: NAT Incoming Packet]

 

A couple of additional notes about NAT:

  • The entire process is transparent to all devices except the NAT router itself.
  • The public addresses used for NAT must belong to the organization that owns the NAT router - you don't just get to make up your own routable addresses.  :)
  • There are two versions of NAT.  Static NAT is a one-to-one mapping between a private and a public address; Dynamic NAT defines a group, or pool, of routable addresses and allows specified hosts to use an address from that pool.
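The walk-through above and the static/dynamic distinction can be replayed in a small simulation. The following is an added example, not code from the article or from any router vendor: a toy `NatRouter` class (hypothetical name) that holds static one-to-one entries, hands out addresses from a dynamic pool to eligible hosts, and keeps the mapping table needed to translate replies back. The pool address 180.1.1.3 is constructed; 10.1.1.2, 180.1.1.2 and 210.1.1.2 are the article's own values.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """Only the two fields NAT cares about at this level of detail."""
    src: str
    dst: str


class NatRouter:
    """Toy model of a NAT router: static one-to-one entries plus a dynamic pool.

    The mapping table (private -> public) is what lets a reply addressed to the
    public address be translated back to the host that started the conversation.
    """

    def __init__(self, pool, static=None):
        self.free_pool = list(pool)            # routable addresses not yet handed out
        self.table = dict(static or {})        # private -> public
        self.reverse = {pub: priv for priv, pub in self.table.items()}
        self.eligible = set(self.table)        # hosts the NAT config allows to translate

    def allow(self, private_ip):
        """Mark a private host as eligible for dynamic translation."""
        self.eligible.add(private_ip)

    def outbound(self, pkt):
        """Translate the source address of a packet leaving the LAN.

        Returns the rewritten packet, or None if the router refuses it
        (host not eligible, or the dynamic pool is exhausted).
        """
        if pkt.src not in self.eligible:
            return None
        if pkt.src not in self.table:
            if not self.free_pool:
                return None                    # pool exhausted: packet dropped
            public = self.free_pool.pop(0)
            self.table[pkt.src] = public
            self.reverse[public] = pkt.src
        return replace(pkt, src=self.table[pkt.src])

    def inbound(self, pkt):
        """Translate the destination of a reply from the Internet back to the private host."""
        private = self.reverse.get(pkt.dst)
        if private is None:
            return None                        # no mapping: nothing inside to deliver to
        return replace(pkt, dst=private)


def nat_walkthrough():
    """Replay the article's example: 10.1.1.2 reaches 210.1.1.2 via 180.1.1.2."""
    router = NatRouter(pool=["180.1.1.2", "180.1.1.3"])   # 180.1.1.3 is constructed
    router.allow("10.1.1.2")
    out = router.outbound(Packet(src="10.1.1.2", dst="210.1.1.2"))
    reply = router.inbound(Packet(src="210.1.1.2", dst=out.src))
    return out, reply, dict(router.table)


if __name__ == "__main__":
    out, reply, table = nat_walkthrough()
    print("outbound after NAT :", out)
    print("reply after NAT    :", reply)
    print("mapping table      :", table)
```

Two behaviours worth noticing: a host that is not eligible, or a dynamic pool that has run dry, means the packet never leaves, which is exactly the failure mode seen in the field when a pool is sized too small; and an inbound packet for a public address with no table entry has nowhere to go, so the router discards it.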

A third version of NAT is PAT - Port Address Translation - and it's also very popular.  You can actually use a single routable address to allow multiple hosts with private addresses to access Internet-based hosts.  Let's walk through an example where two separate hosts with private addresses both need Internet access, but there's only one routable address available to the router.  A router configured to use PAT will translate both hosts' private addresses, but use different port numbers to differentiate between them.  Just as before, a mapping table is kept so the router remembers the address and port mappings.

Here's how PAT will allow two different hosts with private addresses to access two different Internet-based hosts while using a single routable address.

[Illustration: PAT Port Address Translation]

Note that the source IP address of the packets leaving the router is the same, but the port numbers are different.  The packets from 10.1.1.2 have been translated to 180.1.1.2 on port 2043, and the packets from 10.1.1.5 have been translated to 180.1.1.2 on port 1928.  When the packets come back from the respective destinations, the IP address / port number combination will be examined by the router and the addresses changed back to the proper private address.

[Illustration: PAT Incoming Packets]

PAT is often referred to as overloading.  That's because the actual command that differentiates NAT from PAT on a Cisco router is the simple word "overload". While you most likely don't have to know that for the CompTIA Network + certification exam, a working knowledge of both NAT and PAT is essential.
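The PAT exchange described above, as an added example that is not part of the original article: a toy `PatRouter` class (hypothetical name) that shares the single routable address 180.1.1.2 between two private hosts by assigning each flow its own public port, then uses the port on the reply to find the right host again. The private-side ports 40001 and 40002, the second web server 220.1.1.2, and the choice to hand out 2043 and 1928 in that order are constructed so the output matches the article's figures; a real router picks its own port numbers.

```python
from dataclasses import dataclass, replace
from itertools import count


@dataclass(frozen=True)
class Segment:
    """A TCP/UDP segment reduced to the four fields PAT rewrites or matches on."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    """Toy model of PAT ('overload'): one routable address shared by many hosts.

    Each outbound flow is keyed by (private ip, private port) and is given a
    distinct public port; the reverse table lets replies find the host again.
    """

    def __init__(self, public_ip, ports=None):
        self.public_ip = public_ip
        # Public ports to hand out; defaults to counting up from 1024 (constructed choice).
        self.ports = iter(ports) if ports is not None else count(1024)
        self.table = {}          # (private_ip, private_port) -> public_port
        self.reverse = {}        # public_port -> (private_ip, private_port)

    def outbound(self, seg):
        """Rewrite source ip:port to public_ip:assigned_port, reusing an existing mapping."""
        key = (seg.src_ip, seg.src_port)
        if key not in self.table:
            try:
                public_port = next(self.ports)
            except StopIteration:
                return None      # no free public port left: flow cannot be translated
            self.table[key] = public_port
            self.reverse[public_port] = key
        return replace(seg, src_ip=self.public_ip, src_port=self.table[key])

    def inbound(self, seg):
        """Use the destination port to recover the private ip:port; drop anything unmapped."""
        key = self.reverse.get(seg.dst_port)
        if key is None or seg.dst_ip != self.public_ip:
            return None          # unsolicited inbound traffic has no mapping and is dropped
        private_ip, private_port = key
        return replace(seg, dst_ip=private_ip, dst_port=private_port)


def pat_walkthrough():
    """Two private hosts reach two web servers through the single address 180.1.1.2."""
    router = PatRouter("180.1.1.2", ports=[2043, 1928])   # constructed port choices
    a = router.outbound(Segment("10.1.1.2", 40001, "210.1.1.2", 80))
    b = router.outbound(Segment("10.1.1.5", 40002, "220.1.1.2", 80))   # 220.1.1.2 constructed
    reply_a = router.inbound(Segment("210.1.1.2", 80, "180.1.1.2", a.src_port))
    reply_b = router.inbound(Segment("220.1.1.2", 80, "180.1.1.2", b.src_port))
    stray = router.inbound(Segment("198.51.100.9", 80, "180.1.1.2", 5555))  # constructed
    return a, b, reply_a, reply_b, stray


if __name__ == "__main__":
    for label, seg in zip(("out A", "out B", "reply A", "reply B", "stray"), pat_walkthrough()):
        print(f"{label:8}", seg)
```

The `stray` case shows the side effect defenders often rely on without naming it: an inbound segment whose destination port has no entry in the mapping table cannot be delivered to any inside host, so it is dropped. That is a consequence of the translation table, not a security policy, and it disappears as soon as a static mapping or port forward is added for that port.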


To your success,

Chris Bryant

CCIE #12933

chris@thebryantadvantage.com